Hey,
Just a quick FYI / heads up for those that care, Adobe Reader (the one full of holes) now has built-in sandboxing after the release of Adobe Reader X this week. Essentially meaning any future vulnerabilities 'should' have a negligible risk of being successfully exploited and pwning your box. So worth updating.
There's some great reading on the design theory here: Part 1, Part 2 and Part 3, explaining how it is accomplished using Integrity Levels, Policies, Restricted Tokens etc.
Good steps in the right direction, hugely overdue and it's certainly now significantly harder to exploit in theory. Hopefully Adobe won't rely too much on outsourcing their security to the OS though... Once any teething vulnerabilities are out the way it should match up to Google Chrome style safety.
Personally I think they should just invest in training their programmers to write secure code to begin with, I mean the amount of flaws discovered in the past 2 years alone is ridiculous...
If you use Foxit or similar, it's also worth combining with Sandboxie to create a manual sandbox, especially when considering the complexity of the PDF format and level of dangerous parsing involved in reading software.